On February 2, the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows. The new framework—the EU-U.S. Privacy Shield—succeeds the previous Safe Harbor agreement ruled invalid late last year.

It is expected to retain or enhance many of the elements contained in the original framework, including commitments by U.S. companies to give appropriate notices to EU citizens, maintain the security of transferred data, and tighten restrictions on any forward transfers.

These points are important to business. To succeed in this new environment, U.S. companies must:

Roll out company-wide initiatives to protect customer data as if it were their own.

Protect data at all levels with end-to-end encryption, authentication and access controls.

Be transparent about their compliance with the new ruling, as it will help them to retain customer trust in the long run.

Yet for all the debate around the transfer of data and the as-yet unspecified safeguards that U.S. companies must abide by, there is one elegant solution to protect and secure European data not considered by the dealmakers. They could simply have ensured that the keys used to encrypt data reside in the EU. This way, regardless of where the encrypted data goes, it remains safe.

This puts security at the front and center of business, and communicates how highly a company values its customers’ data security.

We’ve seen how damaging security breaches can be both financially and from a reputation perspective for any kind of organization. So it’s imperative that, from the CEO right down through every level of a business or public body, the detrimental effect that poor security can have on a firm is understood.

Under the EU-U.S. Privacy Shield, EU citizens stand to gain a clearer understanding of how their data is used, with additional measures to lodge and process complaints. The U.S. Director of National Intelligence is also expected to confirm by official letter to the EU that U.S. intelligence agencies do not engage in “indiscriminate mass surveillance” of data transferred under the new arrangement.

There will also be an annual joint review by the European Commission and U.S. Department of Commerce to gauge how the agreement is functioning, which will include a review of access by U.S. intelligence agencies to EU-originating data.

This is sensible, and the new framework needs to be respected. Compliance must be seen as a responsibility essential both to the success of each business and to the continuation of the agreement.

What are your thoughts on the new framework? Do you think U.S. companies and EU citizens will benefit? Let me know in the comments on @Gemalto.
